Tuesday, August 27, 2013

So I was working from home when my VPN dropped and I didn't notice - it happens.

Instead of going to an internal site I ended up on the web interface for an Arris Cable modem.

I was of course confused because I have a Motorola cable modem.
So, being the curious type, I put in a new IP address and got another cable modem, this time an SMC.

Well, now I got curious, so I opened up Angry IP Scanner.
I did a scan on the /24 first then expanded it to a /16, although I only got IPs within a /21.
Either way, there were 1976 hosts that showed up.
A lot of them had port 80, 22, or 23 open.
I went to a lot of the web interfaces.

I then found this PDF http://www.answersthatwork.com/Download_Area/ATW_Library/Networking/Network__4-List_of_default_Router_Admin_Passwords_and_IP_addresses.pdf
Apparently a lot of these cable modems, if they do have usernames and passwords at all, are accessible via what's listed there.

Well I figured if I can do this, surely someone else can.
So I thought I need to report this to my ISP, Suddenlink.
Here's how that went down...

So Suddenlink has a chat-with-a-tech thing; I thought that would be great, so I can document this and they can fix it.

Nope...

Below is my initial post to them.

Long story short, I was working from home and assumed my VPN was connected. I attempted to access an internal site, but instead was redirected to an Arris cable modem; as it turns out, my VPN had disconnected. However, I then realized this wasn't my cable modem. Looking further, I found (using Angry IP Scanner) that I can access the web/telnet/ssh interfaces for some 1976 cable modems. Am I supposed to be able to do this?

Surprisingly I wasn't in queue at all, I got straight through to a technician.

This is what I got in response:

Thank you for choosing Suddenlink Online Support. Be sure to ask us about the all new Any-Room DVR and Stream powered by TiVo, which will allow you to enjoy your favorite TV programming anywhere!

You have been connected to Mayra P..

Mayra P.: Hi Benjamin! Thank you for choosing Suddenlink Online Support. My name is Mayra and I would be happy to assist you today.

Mayra P.: Thank you! One moment please while I pull up your account.

Mayra P.: For security purposes, can you please provide me with the last four digits of the Social Security number on the account?

Benjamin Warriner: <redacted>

Mayra P.: Thank you. Just one moment please.

Mayra P.: Thank you for your patience.

Mayra P.: You should not be able to see other modems. There is a program running that shouldn't be. What we can do is report this to our internal IT department and then reset your modem. If you are still able to see the other modems I would consult your IT department directly because there may be a virus on your computer. It could be the back door that a hacker is using to access your information.

Benjamin Warriner: Yeah, I doubt that.

Mayra P.: Well, sir, I do apologize; however, you shouldn't be able to see other people's modems. If you are, there is something wrong.

Benjamin Warriner: There isn't anything running on my Mac. Well, that's why I brought this to your attention. I assumed this wasn't correct.

Mayra P.: We can try to fix it from here but if you were in your VPN and it was disconnected but you were able to see other modems.

Mayra P.: I can alert our IT department but your program should not do what it did and we can not assist you with what the program did.

Benjamin Warriner: Perhaps you misunderstood me - I thought my VPN was still connected - you see, we use a <redacted> IP range at work. Apparently you (Suddenlink) use that same range. My VPN isn't connected anymore. I even tried this from another device, an iPad that's never been connected to my VPN, and it can also access these devices. That is to say, there is no program being used to do this, just the Internet connection you're providing me.

Mayra P.: We only handle residential accounts in this department and we can not assist you with your VPN services. Those services are through your company.

Mayra P.: You would have to speak with your IT department. We are unable to assist you with VPN access for any company.

Benjamin Warriner: I am not asking for assistance

Benjamin Warriner: I am saying I believe there is a flaw in some equipment, perhaps a missing ACL or other issue that is mistakenly letting me see and access other customers' cable modems. I am only bringing this to your attention so you can forward it to someone who can actually do something about it.

Mayra P.: Sure, I have alerted our IT department about this issue. Is there anything else that I can assist you with?

Benjamin Warriner: That was it, thanks.

Mayra P.: You are very welcome. It has been a pleasure assisting you today Benjamin. Once again, my name is Mayra and thank you for choosing Suddenlink Online Support.